Going backwards upside down. That's what we're doing with telecommunications policy in the U.S. The Comcast affair should prompt a re-examination of many decisions the FCC, Congress, and the courts have made over the last few years. When the FCC reports on its reactions to Comcast's activities, the right response will be "You're asking the wrong question." "What is reasonable network management" isn't the question we should be asking...
It makes me cringe when I hear operators or security practitioners say, "I don't care who the attacker is, I just want them to stop." I would like to believe that we have matured past this idea as a security community, but I still find this line of thinking prevalent across many organizations -- regardless of their cyber threat operation's maturity level. Attribution is important, and we, as Cyber Threat Intelligence (CTI) professionals, need to do a better job explaining across all lines of business and security operations...
The new Global Phishing Survey released by the Anti-Phishing Working Group (APWG) this month reveals that phishing gangs are concentrating their efforts within specific top level domains (TLDs), but also that anti-phishing policies and mitigation programs by domain name registrars and registries can have a significant and positive effect. The number of TLDs abused by phishers for their attacks expanded 7 percent from 145 in H2/2007 to 155 in H1/2008. The proportion of Internet-protocol (IP) number-based phishing sites decreased 35 percent in that same period, declining from 18 percent in the second half of 2007 to 13 percent in the first half of 2008.
The Internet Architecture Board's (IAB) chair, Olaf Kolkman, asked the members of the IAB to provide a statement paper each on what they believe the current most pressing issues in terms of Internet architecture are... I have thought about this for the past few days, and realised that it's hard to come up with overarching issues and even harder to come up with issues where the IAB actually could make a difference. But I came up with two issues.
Soon after ETECSA began rolling out WiFi hotspots for Internet access, people began linking to them from homes and community street nets. These connections and importing the WiFi equipment they used were illegal, but generally tolerated as long as they remained apolitical and avoided pornography. Regulations passed last month legalized some of this activity in a bid to boost connectivity by allowing Internet access from homes and small private businesses like restaurants and vacation rentals that are located close enough to a hotspot to establish a WiFi connection.
They say late converts are the most passionate believers. Until now I haven't supported the Expression of Interest (EOI) for new TLDs, the proposed mechanism to measure the number and type of likely applications. Not because it won't work (I think it'll work fine) but because I didn't think it was necessary. I've changed my mind. Here's why.
Few people would suggest that much of the life in the U.S. national political scene these days has any nexus to the real world. At national election time, the disconnect and hyperbole in Washington get worse. "Unhinged" seems to be a common term. The recently released GOP platform on "protecting internet freedom" followed up by the "twenty-five advocacy groups" letter to Congressional leaders is definitely an unhinged journey into the land of the clueless.
One of the longstanding goals of network security design is to be able to prove that a system -- any system -- is secure. Designers would like to be able to show that a system, properly implemented and operated, meets its objectives for confidentiality, integrity, availability and other attributes against the variety of threats the system may encounter. A half century into the computing revolution, this goal remains elusive.
There are a number of things that make a responsible Email Service Provider (ESP), including setting and enforcing standards higher than those set by the ISPs. One of the responsible ESPs is Mailchimp. (Full disclaimer, I do consult for Mailchimp.) This ESP focuses on businesses with small to medium sized lists. They screen new customers for source of permission as well as mail content.
Could the Trump administration reverse the decision to give the Internet Corporation for Assigned Names and Numbers (ICANN) autonomy from the U.S. Department of Commerce?
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains.
On April 20, 2017, an 8-person delegation led by Göran Marby, President & CEO of ICANN, visited China Academy of Information and Communication Technology (CAICT). Madam Liu Duo, President of CAICT met with Mr. Göran Marby and the delegation. After the meeting, Mr. Marby attended the Chinese Internet Community Seminar held jointly by CAICT and ICANN Beijing Engagement Center.
When in the Fall of 1999 the Internet Corporation for Assigned Names and Numbers (ICANN) implemented the Uniform Domain Name Dispute Resolution Policy, it did not come with a fully formed jurisprudence. Panelists were essentially on their own in creating it. They had some guidance from a lengthy and detailed report published by the World Intellectual Property Organization ... and a basket of principles derived from trademark law, but panelists had to build the jurisprudence from scratch.
The threshold for an actionable claim under the Uniform Domain Name Dispute Resolution Policy (UDRP) is a trademark in which complainant has rights. "Rights" means a trademark that could have been newly minted a moment before filing the complaint. This is different from the Anticybersquatting Consumer Protection Act (ACPA) in which trademark owners must have a "mark that is distinctive at the time of registration of the domain name." The difference is important...
President Obama, in March 2016, again stressed the need for better collaboration between the tech industry and the government. He referred to his own White House initiative - this has resulted in the newly-formed US Digital Service, which is trying to recruit the tech industry to work with and for government. One of the key reasons it is so difficult to establish trustworthy, good working relationships is the extreme lack of tech understanding among most politicians and government bureaucrats.